|
|
This chapter contains an alphabetical listing of LocalDirector commands and command usage sections. Documentation for each command includes a brief description, command syntax, usage guidelines, and command output examples. Topics include:
You can use the commands shown in Table 5-1 on the command line to edit or display previously entered commands.
Table 5-1 Command-Line Editing
 |
Note These are all the editing commands supported by LocalDirector. |
The show history command lists the last ten command lines entered.
LocalDirector supports command-line completion. When you enter part of a command and press the Tab key, the command matching that letter combination appears. For example, entering fa and pressing the Tab key returns the failover command:
Should the partial command have more than one completion option, press Tab again to display a list of possible completions (the first Tab issues a beep to alert you that more input is needed). For example:
In the following command example, notice you cannot complete more than the command itself; keywords and variables are not completed:
Wildcards can be used with the show commands and with some action commands that are described in this chapter.
In a show command, any field in a real_id or virtual_id specifier may be left blank or padded with the keyword all to list a set of servers that match.
For example, the following two commands display a list of all TCP virtual servers:
To display a list of virtual servers configured to use port 443 (trailing colons are unnecessary), use the following command:
To display a list of TCP virtual servers configured to use port 443, use the following minimal command:
When using some commands for real servers (such as assign, retry, and timeout), you can replace the real_id specifier with the virtual server ID. This allows all the real servers that are bound to the virtual server to be affected by these commands.
With some action commands, you can pad a real_id or virtual_id specifier with the keyword all to act on a set of servers that match. If the command (or no form of the command) does not accept the wildcard all, an error message appears that states the command cannot be used with the all keyword. With some commands involving real_id or virtual_id you do not need to specify port numbers, bind-ids, or protocols. You can substitute :all:all:all for all port numbers, bind-ids, or protocols.
You can abbreviate most commands by using only a few unique characters for a command. For example, you can enter conf t (configuration terminal) to start configuration mode.
The command interpreter provides a command set that emulates Cisco IOS technologies. This command set provides three administrator access modes:
Follow this procedure to enter configuration and replication mode:
a. LocalDirector then prompts you for a password. When you first configure LocalDirector, a password is not required. Press the Enter key at the prompt.
b. Assign a password to privileged mode by using the enable password command.
Step 2 Access configuration and replication mode by using the configuration terminal command while in privileged mode. You can then write your settings to Flash memory, diskette, or the console.
Information about each command is available when you enter the command name followed by a question mark at the command line prompt, as shown in the following example.
The syntax of the command appears, followed by the prompt with your previous text entry on the command line. If necessary, use the pager command to control display output.
For a listing of all commands available for the current mode, type a question mark.
If you enter a command that LocalDirector does not recognize, the following message appears:
This message can be caused by the following:
Table 5-2 lists LocalDirector features and the corresponding configuration commands.
Table 5-2 LocalDirector Features
|
To set an alias IP address, use the alias ip address command. Use the no form of this command to remove an alias IP address.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The alias ip address command assigns multiple IP addresses to LocalDirector. This allows LocalDirector to be placed on a different IP network than the real servers, without using a router.
Examples
In the following example, an alias IP address of 192.168.34.33 is set. No subnet mask is set, so the default value of 255.255.255.0 is used.
Related Commands
To add an entry to the LocalDirector Address Resolution Protocol (ARP) table, use the arp command. Use the no arp command to remove an ARP entry.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Privileged, configuration, and replication
Usage Guidelines
The arp command adds an entry to the LocalDirector ARP table. ARP is a low-level protocol that maps the physical address of a node to its IP address.
|
Note All virtual servers, whether in service or out of service, respond to ARP requests. |
Gratuitous ARPs are supported in LocalDirector Versions 1.6 and later. In Versions 3.1 and later, all gratuitous ARPs have the same MAC address regardless of source interface number.
Examples
Related Commands
To direct connection requests to a specific instance of a virtual server, use the assign command. Use the no assign command to remove these connection requests.
Syntax Description
|
Defaults
The bind-id when you are defining a virtual server is 0 and the protocol is TCP.
Command Modes
Usage Guidelines
Use the assign command to associate client IP addresses with specific virtual servers. Any client IP address not identified by an assign command statement is directed to the default bind-id of 0. A virtual server with a bind-id of 0 cannot be used with the assign command because bind-id 0 is reserved for default traffic.
Prior to Version 3.1, a first-fit algorithm was used to determine which virtual server a client was sent to. If a client fits more than one assignment, LocalDirector selects the first correct virtual server that it looks up. The following example sends clients from the 172.16.67.0 network to virtual server bind-id 1, with the exception of the individual client 172.16.67.146, which is assigned to virtual server bind-id 2:
Version 3.x uses a best-fit algorithm. The most restrictive subnet mask is judged the best fit, and port assignments are used secondarily. Additionally, to maintain security-related functionality for a particular virtual IP address, if a client IP address fits a subnet mask, then that client is restricted to that subnet mask for all virtual servers with that virtual IP address. As an example:
restricts the 172.16.67.146 client to port 80. If the client attempts a connection to any other port, even though the IP address fits the subnet mask for the port 0 virtual server, the client is rejected. Once the client is restricted to the 255.255.255.255 subnet mask, any virtual server the client is allowed to access for that IP address must be assigned with an exact subnet mask. If there is no bind-id 0 for that virtual server, and the client is not specifically assigned to another virtual server, the client will be denied access to the virtual server. To allow the client into another port for that IP address, the client must be assigned to that port explicitly (or, of course, with port 0 virtual servers, any port). To allow this client access to port 443, for example:
Administrators can validate the assignments they make using the test assign command:
The command output shows the virtual server the client will be assigned to, or an indication that no virtual server is available for that client.
For more information, see the definition of client-assigned load balancing in Chapter 1, and an example of client-assigned load balancing in "Configuring LocalDirector."
Examples
Related Commands
To allow a real server to continue sending data to existing connections after a brief interruption, use the autounfail command. Use the no autounfail command to turn off the autounfail feature.
Syntax Description
|
Defaults
The autounfail command is on by default.
Command Modes
Usage Guidelines
An example of a brief interruption would be when a cable is disconnected by mistake, and quickly reconnected. A real server is failed when it does not answer the number of connections set with the threshold command, even though it still might answer one of its existing data connections, or when it responds with TCP RSTs. The autounfail command brings a failed server back in operation if it answers or sends data on a connection that is already established.
When a virtual_id argument is specified, all real servers represented by that virtual server are affected by this command.
In autounfail mode, the real server receives one real incoming connection. If it answers that connection, it is put in service. If it does not answer that connection, it is failed again.
Examples
Related Commands
To assign a backup server for a real or a virtual server, use the backup command. Use the no backup command to remove a backup server.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
You can back up real servers with virtual addresses, and you can back up virtual servers with a real server. You can use a backup server when the real or virtual server is not in service (for example, it is failed or out of service).
It is important to note that the backup server is treated just like any other real or virtual server by LocalDirector. For example, if the backup server is a real server, it has the same adjustable parameters (retry, timeout, reassign, and so on) that other real machines have. The predictor command for the backup virtual server is used to load balance the servers being backed up by that virtual server.
A real server bound to a virtual server cannot also be used as a backup for that virtual server, which means that the following configuration works:
However, if you tried to bind real server 10.5.5.5 to virtual server 10.1.1.1, you would not be allowed, because that real server is already serving as a backup for that virtual server.
Also, if real server 10.2.2.2 fails and is backed up by real server 10.4.4.4, it uses that real server 10.4.4.4 as long as it is in service. If real server 10.4.4.4 does not stay in service, there is no check for a backup for 10.4.4.4.
Examples
Related Commands
To associate a virtual server with one or more real servers, use the bind command. Use the no bind command to release an association between a real server and virtual server.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
Use the virtual or real command to define the virtual server and real server addresses before using the bind command. Use the bind command to direct network traffic from a virtual server to a real server. If you are binding a real server to more than one virtual server, each real server must use a unique bind-id.
Examples
The following is an example of the binding for a UDP virtual and real server:
Related Commands
To enable booting from a remote configuration file, use the boot config command. Use the no boot config command to disable booting from a remote configuration file.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
LocalDirector configuration files can be stored on a TFTP server. This command accesses the configuration file and boots LocalDirector using the new configuration.
When a configuration file is loaded, each statement is read into the current configuration and evaluated with these rules:
Examples
The configuration software is loaded in LocalDirector.
Related Commands
To enable booting from a remote image, use the boot image command.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
LocalDirector software (image file) can be stored on a TFTP server. This command accesses that software and boots LocalDirector using the new image. Optionally, you can specify to reload the image.
Examples
In the following example, LocalDirector is booted from a remote image but not reloaded:
In the following example, LocalDirector is booted from a remote image and reloaded:
To manipulate bridge table operations, use the bridge command.
Syntax Description
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
LocalDirector is a transparent learning bridge. As traffic is received, a bridge table is populated for each interface, showing the MAC addresses that are accessible through that interface. LocalDirector bridges traffic between interfaces only if the source and destination addresses reside on different interfaces. If a server is physically moved from one interface to another, you may need to clear the bridge table to ensure that traffic destined for that server is sent to the correct interface.
Examples
To associate virtual servers and create a group, use the buddy command. Use the no buddy command to remove a virtual server from a buddy group, or a buddy group, if all servers have been removed.
Syntax Description
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
Use the buddy command to create a buddy group (named buddy_group) consisting of a list of virtual servers. Certain commands and parameters that affect one virtual server affect all other virtual servers in the buddy group (for example, the buddy relationship shares the generic information from the sticky command). A virtual server can reside in only one buddy group; if it currently exists in a group, it must be removed from that group before it can be added to a new group. An unlimited number of virtual servers can exist within a buddy group.
The show buddy buddy_group command lists the virtual servers in a group, or an error message if the buddy_group does not exist.
|
Note In the current release, the only use of the buddy command is to share generic sticky associations. The buddy command cannot be used to group a virtual server using the sticky command ssl option with a virtual server using the sticky command generic option. The buddy command cannot be used for cookie sticky associations. |
Examples
The following example creates the buddy group my_app and adds virtual servers 10.0.0.100 and 10.0.0.200. The contents of the group are displayed with the show buddy command.
With the sticky feature turned on for virtual server 10.0.0.200, when a client visits the virtual server 10.0.0.100 after visiting 10.0.0.200, the client will be sent to the same real server as on the 10.0.0.100 connection.
Related Commands
To change the multicast Time To Live (TTL) value for multicast Cisco Appliance Server Architecture (CASA) environment packets, use the casa service-manager multicast-ttl command. Use the no casa service-manager multicast-ttl command to disable the multicast Time To Live (TTL) value for multicast CASA packets.
|
Note Currently, the only use of CASA is for Multi-Node Load Balancing (MNLB). |
Syntax Description
Defaults
The default Time To Live (TTL) value is 60 seconds.
Command Modes
Usage Guidelines
The CASA environment uses LocalDirector as a Service Manager to load balance a set of routers, called Forwarding Agents, providing increased efficiency and scalability. Once the Service Manager determines the Forwarding Agent that will handle the packet stream, all packets belonging to that packet stream are routed directly to the Forwarding Agent.
The Service Manager and Forwarding Agent communicate by sending UDP IP multicast messages. Use the casa service-manager multicast-ttl command to change the Time To Live value (number of seconds) for the IP multicast packets that are sent between the CASA components.
|
Note The casa service-manager commands configure LocalDirector for the CASA environment; they should not be used unless LocalDirector is part of the CASA environment. |
Examples
Use the following command example to set a TTL of 60 seconds for sending IP multicast packets to the Forwarding Agent.
Related Commands
To change the Cisco Appliance Server Architecture (CASA) Service Manager multicast port, use the casa service-manager port command. Use the no casa service-manager port command to reset the CASA Service Manager multicast port to the default port number.
|
Note Currently, the only use of CASA is for Multi-Node Load Balancing (MNLB). |
Syntax Description
|
Defaults
By default, the Service Manager port is 1638.
Command Modes
Usage Guidelines
The CASA environment uses LocalDirector as a Service Manager to load balance a set of routers, called Forwarding Agents, providing increased efficiency and scalability. Once the Service Manager determines the Forwarding Agent that will handle the packet stream, all packets belonging to that packet stream are directly routed to the Forwarding Agent.
The Service Manager and Forwarding Agent communicate by sending UDP IP multicast messages. Use the casa service-manager port command to change the UDP port that the Service Manager uses for multicast communication between the CASA components. An optional password and password timeout can be used, which is disabled by default.
|
Note The casa service-manager commands configure LocalDirector for the CASA
environment; they should not be used unless LocalDirector is part of the CASA environment. |
The password is the password to be used in MD5 encryption of packets between the Service Manager and Forwarding Agents. A password_timeout value is assigned for two reasons:
Examples
Use the following command-line example to define UDP port 1638 for LocalDirector (Service Manager) to communicate with routers (Forwarding Agents).
Related Commands
casa service-manager multicast-ttl
To assign two or four interfaces as Fast EtherChannel ports, use the channel command. Use the no channel command to remove an interface assignment.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The channel command sets the interface numbers for the Fast EtherChannel configuration. See the "Fast EtherChannel Configuration" section in "Implementing a LocalDirector Network," for a configuration procedure.
Examples
Related Commands
To delete information associated with the other commands, use the clear command.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
Use the clear command with arp, bridge, buddy, configuration, counters, route, snmp-server, sticky, syslog, and telnet to clear the values associated with those commands.
|
Note You must clear the ARP tables for the router adjacent to LocalDirector when you upgrade LocalDirector software from Version 2.x to Version 3.x. |
Examples
Related Commands
To delete all or part of the LocalDirector configuration currently operating, use the clear configuration command.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
Use the clear configuration command to delete all or part of the LocalDirector configuration. If you enter the clear configuration command without an optional argument, the default is to clear the secondary configuration.
 |
Caution The clear configuration command clears the running configuration. Once you use the write memory command to save the configuration to Flash memory, any information that has been cleared cannot be restored. We recommend that you first save configurations to diskette with the write floppy command or a TFTP server with the write net command. |
Examples
The following LocalDirector configuration (configured for failover operations with a primary and secondary LocalDirector) exists before using the clear configuration command. The output appearance has been condensed to conserve space.
The following LocalDirector configuration exists after using the clear configuration secondary command.
The following LocalDirector configuration exists after using the clear configuration primary command.
To reset the error, interface, or SNMP counters, use the clear counters command.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
Use the clear counters command to restart the LocalDirector data counters periodically.
If you enter the clear counters command without an argument, all counters are cleared.
Examples
In the following example, the clear counters command is used to clear all error counters.
Related Commands
To set the date and time for LocalDirector, use the clock set command. You must enter the time based on Coordinated Universal Time (UTC). You cannot disable the clock.
Syntax Description
|
Defaults
All hour entries are based on Coordinated Universal Time, or UTC.
Command Modes
Usage Guidelines
The clock is used by the sticky command as the timeout reference for the cookie-passive option.
|
Note If you are using the cookie-insert option of the sticky command, you must accurately set the date and time, and synchronize clocks with the appropriate real servers. |
Examples
Related Commands
To set an IP precedence value for a virtual server, use the color command. Use the no color command to remove the IP precedence value for a virtual server.
Syntax Description
|
Defaults
The IP precedence feature is off by default.
Command Modes
Usage Guidelines
The color command allows a value to be set on a per virtual server basis to allow prioritizing of packets for different types of services. Prioritized packets are sent to and from virtual servers. For example, one port may be used for HTTP traffic, using one priority, while another port may handle UDP traffic, with another priority.
|
Note The color command is not compatible with the Cisco Appliance Server Architecture (CASA) environments. Currently the only use of CASA is for Multi-Node Load Balancing (MNLB). |
Examples
Related Commands
To define the current configuration, use the configuration command.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
Each statement is read into the current configuration and evaluated with these rules:
Examples
Related Commands
To limit the number of connections to a server that has an open connection to a client, but is not sending data in response to a request, use the data command. Use the no data command to return the connection value to 0.
Syntax Description
|
Defaults
The feature is disabled by default, with an initial value of 0.
Command Modes
Usage Guidelines
Some Web servers continue to establish connections to a real server even though the daemon or application running on that port is dead. The data command can be used to limit the number of connections that are sent to a real server that is not sending data.
|
Note Traffic containing data packets is transparently passed by LocalDirector with the ASLB feature, and no DataIn counters are incremented. The data command is used to limit the number of connections to a real server that is not sending data packets. LocalDirector can fail a real server based on DataIn counters. You cannot use the data command to fail real servers that are not sending data packets with an ASLB configuration. |
When a virtual_id is specified, all real servers represented by that virtual server are affected.
No time interval is associated with the data command. The following scenario describes the sequence of events that determines whether the server is responding:
2. Server kernel responds with SYN/ACK.
3. Client sends ACK to complete the TCP handshake.
4. Client sends HTTP GET request (LocalDirector counts this as one data request).
5. If the server responds, LocalDirector subtracts 1 from the count.
6. If the count reaches a preset threshold, LocalDirector fails the server.
Many kernels do not accept a TCP connection (SYN) if there is no process listening on the port that the client is attempting to connect to. Some kernels, though, mistakenly do accept the connection (SYN/ACK). Because the server is responding (with a SYN/ACK, but not with data), LocalDirector does not recognize this as a real server failure.
The data command determines the number of connections to allow to a real server where data has been not been sent back to the client, regardless of the SYN/ACK response. Once a real server reaches this number, LocalDirector checks whether other machines bound to the virtual server are also at 80 percent of their threshold capacity (based on the DataIn value). If the other machines are close to reaching this value, LocalDirector assumes the site is busy and does not fail the server.
If the other machines are not at this capacity, LocalDirector fails the real server and sends the following syslog/SNMP message:
The show real command indicates the number of unanswered connections for each real server, and the show data command indicates the value set with the data command.
Examples
Related Commands
To set new LocalDirector command defaults, use the default command.
Syntax Description
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
You can set new default values for some LocalDirector commands. Once a new value is set, it is in effect until set again with the default command. Table 5-3 lists commands that can be changed and the initial default values:
Examples
Related Commands
To keep connections in LocalDirector memory after a TCP ending sequence, use the delay command. Use the no delay command to remove a delay value.
Syntax Description
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The delay command is used to put connections into a "pending deletion" state instead of removing them immediately when a TCP ending sequence is received. If the delay command is set for a virtual server, the connection remains in memory for approximately 5 minutes.
If any data arrives for the connection, it is put back in an "active" state. If any other packet comes across for the connection, the packet passes through the virtual server, but the connection is not considered active.
Use this command only when responses to and from clients are often dropped, especially during the closing of TCP connections. For example, there is a known bug with the Trumpet WinSock stack running on Windows 3.11 in which HTTP GET requests are sent out of order, and this causes LocalDirector to drop the connection even though it has not been completed.
Examples
Related Commands
To exit privileged mode and return to unprivileged mode, use the disable command.
Syntax Description
This command has no keywords or arguments.
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The disable command exits privileged mode and returns you to unprivileged mode. Use the enable command to return to privileged mode.
Examples
Related Commands
To enable the Dynamic Feedback Protocol (DFP) load manager on LocalDirector to connect to a DFP agent listening for DFP connections on a particular IP address and TCP port combination on a server host, use the dynamic-feedback command. Use the no dynamic-feedback command to disable the connection to a particular IP address and TCP port combination. The command line abbreviation is dfp.
Syntax Description
|
|
Note Wildcards are not supported in any of the entries. |
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The dynamic-feedback command opens a TCP connection between the LocalDirector DFP manager and the DFP agent on a server. The connection is specified by the server IP address and the TCP port.
A DFP agent collects load statistics on a server and returns a load metric to the DFP manager. LocalDirector uses the metric to make load-balancing decisions. The message content is specified
by DFP.
In the normal configuration, each server in the server farm hosts a DFP agent that collects load information from its host. However, it is also possible for a DFP agent on one server to collect load information from the other servers through local connections. This allows the DFP manager to collect the load metrics for all the servers from a single DFP agent.
The connection that is set up by the dynamic-feedback command is not secure. To set up a secure connection, use the dynamic-feedback-pw command.
The keywords attempts and retry specify how to reconnect to the DFP host if the connection times out or becomes disconnected. If the timeout keyword is used to specify a timeout value, the TCP connection is closed between LocalDirector and the DFP server when the inactivity period on the connection exceeds the timeout value.
Wildcards are not supported by the dynamic-feedback command.
Examples
The following command specifies that the connection between the host 10.10.10.253 and LocalDirector, over port 8002, will not time out:
Related Commands
To enable listening for connection requests from Dynamic Feedback Protocol (DFP) managers, use the dynamic-feedback-agent command. To disable listening for DFP connection requests from DFP managers, use the no dynamic-feedback-agent command.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The dynamic-feedback-agent command activates the DFP agent on LocalDirector, which allows the DFP agent to service DFP manager connection requests on the TCP port specified by the optional port parameter. The DFP agent reports a load metric for each virtual server configured on LocalDirector. The DFP agent also reports on the client network bindings configured on LocalDirector. The DFP manager uses this information to enable quality of service (QoS) controls on connection requests sent to the virtual servers supported on LocalDirector.
DFP managers can reside anywhere on the network that has IP access to LocalDirector. For example, a DFP manager on a Cisco Systems DistributedDirector can use the load metrics from the LocalDirector DFP agent to distribute network traffic to virtual servers based on their availability.
Wildcards are not supported by the dynamic-feedback-agent command.
The abbreviation dfp can be substituted for dynamic-feedback at the CLI.
|
Note The no dynamic-feedback-agent command closes all DFP manager connections to LocalDirector. |
Examples
The following example does not specify the monitoring port, so port 8080 is used by default.
Related Commands
To specify Dynamic Feedback Protocol (DFP) manager hosts that can connect to the LocalDirector for DFP communications, use the dynamic-feedback-agent-ip command. To close a host connection to the LocalDirector, use the no dynamic-feedback-agent-ip command.
Syntax Description
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The LocalDirector DFP agent uses the host IP address to identify which DFP managers can connect and request server availability information. You can enter up to 256 IP addresses. LocalDirector can support up to 256 connections at one time.
DFP manager hosts ordinarily initiate and terminate connections. However, you can terminate a connection at the LocalDirector by using the no dynamic-feedback-agent-ip command.
A connection is not secure unless the password option is used. The option provides for MD5 encryption in both directions.
DFP managers can reside anywhere on the network that has IP access to LocalDirector. For example, a DFP manager on a Cisco Systems DistributedDirector can use the load metrics from the LocalDirector DFP agent to distribute network traffic to virtual servers based on their availability.
Wildcards are not supported by the dynamic-feedback-agent-ip command.
The abbreviation dfp can be substituted for dynamic-feedback at the CLI.
Examples
Related Commands
show dynamic-feedback-agent-ip
To configure a password for TCP connections between a Dynamic Feedback Protocol (DFP) manager on LocalDirector and a DFP agent on a server, use the dynamic-feedback-pw command. Use the no dynamic-feedback-pw command to disable the password (which also closes the connection).
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The dynamic-feedback-pw command provides an MD5 secure connection between the DFP manager on LocalDirector and the DFP agent on the server. In this secure environment, DFP messages from the server are discarded unless they contain the MD5 code.
DFP allows servers to provide feedback to LocalDirector about their current loads. DFP also allows servers to take themselves in and out of service. This feature presents a security risk if the network security is compromised, because it allows an invader to take servers out of service. The MD5 code restricts this possibility.
The dynamic-feedback-pw command can be issued before or after the dynamic-feedback command. If it is invoked before, the configuration exists but is considered not connected.
Wildcards are not supported by the dynamic-feedback-pw command.
The abbreviation dfp can be substituted for dynamic-feedback at the CLI.
Examples
The following example shows the dynamic-feedback-pw command being invoked before the dynamic-feedback command. The results of the show dynamic-feedback command illustrate that the connection has not been initiated.
Related Commands
To enter privileged mode, use the enable command.
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The enable command starts privileged mode. LocalDirector prompts you for your privileged-mode password. When you first configure LocalDirector, a password is not required and you can press the Enter key at the prompt. Use the disable command to exit privileged mode.
In the following example, note that the prompt changes from ">" to "#" when you enter privileged mode.
Examples
Related Commands
To set or change a privileged mode password, use the enable password command.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The enable password command sets or changes the privileged mode password, for which you are prompted after you enter the enable command.
Examples
Related Commands
To enable access to the optional failover feature, use the failover command. Use the no failover command to disable the failover feature.
Syntax Description
|
Defaults
The default configuration includes the no failover command; however, if the failover cable is present at bootup, it will be detected automatically and failover will be enabled.
Command Modes
Usage Guidelines
Failover provides a mechanism for LocalDirector to be redundant by allowing two identical units to have the same functionality. Both LocalDirector units must run the same version of software, and the failover cable must be used to connect the two units. The failover command without an argument indicates that you have connected the failover cable and intend to use a secondary unit to back up the primary LocalDirector. Use the show failover command to verify the status of the connection and to determine which unit is active. Use the replicate command to maintain connection state on a per virtual server basis.
|
Note Turn off unused interfaces with the shutdown command, or the LocalDirector unit will be seen as failed. |
Failover works by passing control to the standby unit should the active unit fail. The changeover between units occurs within 30 seconds of the failure event. The markings on the failover cable let you choose which unit is primary and which is secondary.
Use the failover active command to initiate a failover changeover from the standby unit, or the no failover active command from the active unit to initiate a failover changeover. You can use this feature to force an active unit offline for maintenance.
|
Note Use identical LocalDirector units as failover pairs. Make sure that the hardware platform
and the number and type of interfaces on each unit are the same.Failover works in a
switched environment as long as both units are running LocalDirector Version 1.6.3 or later. |
Failover only works with the Cisco failover cable. LocalDirector failover does not work with any other vendor's DB-15 to DB-15 cables. Ensure that each end of the LocalDirector cable is connected to a LocalDirector unit.
Because configuration replication is automatic from the active unit to the standby unit, configuration changes should be entered from the active unit only.If your network configuration uses switches with spanning tree, make sure the MAX convergence time is set to less than 30 seconds. On Cisco switches, use the portfast option on the port connected to LocalDirector.
Examples
In this example, the IP address is on the same network as the system IP address, which is 192.168.1.1. The IP address that the secondary LocalDirector uses to communicate with the primary LocalDirector is set to 192.168.1.2.
Related Commands
To assign a failover alias IP address, use the failover alias ip address command.
Syntax Description
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
Failover provides a mechanism for LocalDirector to be redundant by allowing two identical units to have the same functionality. To take advantage of multiple IP addresses or dispatched mode, or to allow the failover unit to be on a different network from that of the real servers, use the failover alias ip address command to set up an alias on the standby failover unit. A maximum of 256 aliases is allowed.
Examples
In this example, an alias IP address on the secondary LocalDirector is created for the failover environment.
Related Commands
To define how many consecutive seconds can pass without receiving a hello packet before LocalDirector reaches a failover state and initiates a backup routine, use the failover hellotime command. Use the
no failover hellotime command to reset the seconds value to 30 seconds.
Syntax Description
|
Defaults
The default value is 30 seconds.
Defaults
Usage Guidelines
LocalDirector units in a failover configuration exchange hello packets every 5 seconds across the failover cable and the network interfaces in order to detect communication faults in each other. The failover hellotime command defines how many consecutive seconds can pass without receiving a hello packet before LocalDirector reaches a failover state and initiates a backup routine. The failover state is evaluated in 5-second intervals. For example, if the failover hellotime is 30 seconds, six 5-second intervals must pass without receiving a hello packet before the initiation of a backup routine.
Examples
Related Commands
To set the failover IP address, use the failover ip address command.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
Failover provides a mechanism for LocalDirector to be redundant by allowing two identical units to have the same functionality. Use the failover ip address command to set the IP address on the standby unit.
Examples
The following output shows that failover is on, and the primary unit state is active:
The following example shows the show failover output if failover has not started monitoring the network interfaces:
|
Note The indication "Waiting" indicates that monitoring of the network interfaces of the other unit has not yet started. |
Related Commands
To take a unit out of the failed state, use the failover reset command.
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
Failover provides a mechanism for LocalDirector to be redundant by allowing two identical units to have the same functionality. To take a unit out of the failed state, power cycle the unit or use the failover reset command. The failover reset command also clears failover timers and counters for the LocalDirector unit. When a failed primary unit is fixed and brought back online, it does not automatically resume as the active unit. This action ensures that active control does not resume on a unit that could immediately enter a failed state again. However, if a failure is due to a lost signal on a network interface card, failover autorecovers when the network is available again.
Related Commands
To display help information, use the help command.
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The help or ? command displays help information about all commands. You can view help on an individual command by entering the command name followed by a question mark. The command line prompt returns with the command syntax, and the command appears on the command line.
Use the pager command to control the display output.
Enter ? at the command prompt to see a list of all of the commands available for the current mode.
Examples
Related Commands
To change the host name in the LocalDirector command line prompt, use the hostname command.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The hostname command changes the host name label on prompts.
Examples
To set the service state for a real or virtual server to in service (IS), use the in-service or is command.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The in-service (or is) command indicates that the virtual server or real server is ready to accept connections.
Examples
In the following example, the is command is used with the all keyword to put all ports of real server 192.168.1.1 in service. This puts all ports of the real server (both default and port-bound) in service with just one command.
Server www.domain.com is put in service by using the name of the server for server_id. Because no port is specified, only the default ports are put in service.
When port-bound server 192.168.1.3:80 is put in service, the remaining ports (both default and port-bound) are left out of service.
To configure network interfaces, use the interface ethernet command. To disable interfaces, use the shutdown ethernet command.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The interface ethernet command configures network interface boards, and their speed and duplex settings for Ethernet. Use the show interface command to view information about the interface.
To configure full-duplex Ethernet, the auto keyword is recommended, but your network interface must support autodetection. (The RNS four-port adapter cards do not support the auto keyword.) You can set the Ethernet argument to accept full duplex with the 100full keyword if the network accepts full duplex and 100-Mbps Ethernet.
|
Note In releases prior to Version 2.2.1, the no interface command was used to disable and enable access to an interface. This command is no longer used to enable and disable an interface. Use the shutdown ethernet command instead. |
|
Note If a crossover cable is used to connect LocalDirector to a Cisco 7500 series router, use the 100full keyword. Use the auto keyword for the four-port Ethernet interfaces on LocalDirector 430. |
Examples
Related Commands
To assign the system IP address for LocalDirector, use the ip address command.
Syntax Description
|
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The ip address command assigns an IP address to LocalDirector. Use the show ip address command to view the address.
In the following example, the system IP address is 192.168.1.1, and the failover IP address is 192.168.1.2. The current IP address of 192.168.1.2 indicates that this is the standby unit for failover. If the current IP address is the system IP address, the unit is active. If the current IP address is the failover IP address, the unit is standby.
|
Note You cannot use the Cisco IOS traceroute command with the LocalDirector IP address. The traceroute command can only be used with virtual IP addresses. |
Examples
Related Commands
To terminate a Telnet session, use the kill command.
Syntax Description
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The kill command terminates a Telnet session. Use the who command or the show who command to view the Telnet session ID value. When you kill a Telnet session, LocalDirector lets any active commands terminate and then drops the connection without warning to the user.
Examples
Related Commands
To set the maximum number of connections that LocalDirector sends to a real server, use the maxconns command. To remove a maxconns value, use the no maxconns command.
Syntax Description
|
Defaults
The default value for the maxconns command is 0, or unlimited connections.
Command Modes
Usage Guidelines
You can set the maximum number of connections that a real server accepts to avoid overloading the server. If the server reaches the maximum connection value, or if the virtual server is failed or out of service, LocalDirector responds with a TCP RST packet for all new connections to that server.
When a virtual_id is specified, all real servers represented by that virtual server are affected by this command. When all real servers represented by the virtual ID reach the maximum number of connections, the following message appears:
No other connections are sent to this virtual server until the real servers process their connections.
Examples
Related Commands
To specify the maximum transmission unit (MTU) value for the specified network interface, use the mtu command.
Syntax Description
Defaults
For Ethernet interfaces, the default MTU should be 1500 bytes in a block.
Command Modes
Usage Guidelines
The value for the mtu command depends on the type of network interface specified in the interface command. The minimum value for bytes is 64 and the maximum is 65535 bytes.
Examples
Related Commands
To enable the Routing Information Field (RIF) for FDDI interfaces, use the multiring command. Use the no multiring command to disable the RIF.
Syntax Description
Defaults
Command Modes
Usage Guidelines
The multiring command enables an interface's ability to collect and use source-route information (RIF) for routable protocols. The all keyword enables the multiring for all frames.
In FDDI (and Token Ring), if the upper bit of the source MAC address is set, LocalDirector expects a RIF field to be present in the MAC header. If this field is not present, the packet will be processed incorrectly. Some systems, for example DECnet, set this bit even though no RIF field is present. If source-route bridging is not being used in your network, disable multiring support with the no multiring command on LocalDirector and it will ignore this bit.
|
Note If using DECnet in a non-FDDI environment, use the no multiring all command. |
Related Commands
To associate a name with an IP address, use the name command. To remove an assigned name, use the no name command.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
Use the name command to identify a virtual or real server by a text name. Using a name makes it easier to change the LocalDirector configuration because you can refer to real and virtual servers by name rather than IP address; however, the port number and bind-id must be included with the name for port-bound servers and virtual servers with bind-ids. The name command can be used before or after a server is defined.
The name command is optional, and it is not related to DNS. It provides a means of making LocalDirector servers easier to configure, and the names associated with the configuration need not be synchronized with DNS.
Examples
In the example that follows, the name command identifies the IP address 192.168.1.1 as "v1." The address is then defined as a virtual server with the virtual command. These commands create a virtual server with a default port of 0 and a bind-id of 0.
Two more virtual servers are created using the same name, and they are bound to port 80 with bind-ids of :1 and :2.
A virtual server is created with an IP address of 192.168.1.2 that is bound to port 443 and has a bind-id of :1. The name command is then used to identify IP address 192.168.1.2 as "v2" after the virtual server is defined.
The name "v1" is used as the virtual_id with the is command and the all keyword to put all virtual servers with IP address 192.168.1.1 in service.
The name "v2" is used to identify a virtual server bound to port 80 with a bind-id of :1.
Related Commands
To determine whether IP addresses or server names appear in screen output, use the names command. Use the no names command to disable the display of names in screen output.
Syntax Description
This command has no keywords or arguments.
Defaults
No default behavior or values.
Command Modes
Privileged, configuration and replication
Usage Guidelines
You can use either the server name or IP address to configure real and virtual servers regardless of whether the names command is on or off. The status of the names command does not affect the write terminal and show configuration commands. Use the show names command to check the status of names.
Examples
Related Commands
To set the service state for a virtual server or real server to out of service (oos), use the out-of-service command, which can be abbreviated as oos.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
When you set the service state for a real server to out of service, LocalDirector does not assign new connections to it, but lets old connections continue to run until they have been completed. An out-of-service real server can still be accessed by clients specifying its actual IP address. Use the show real command to watch the status of open connections; when all connections appear as OOS, you can power down the server or reconfigure it as required.
Examples
In the following example, the oos command is used with the all keyword to take all ports of real server 192.168.1.1 out of service with just one command.
Server www.domain.com is placed out of service by using the name of the server for real_id or virtual_id. Because no port is specified, only the default ports are taken out of service.
When port-bound server 192.168.1.3:80 is placed out of service, the remaining ports (both default and port-bound) are left in service.
Related Commands
To control display output, use the pager command. Use the no pager command to remove paging control.
Syntax Description
This command has no keywords or arguments.
Defaults
The pager command is on by default.
Command Modes
Unprivileged, privileged, and configuration
Usage Guidelines
If the pager feature is on, by default, one screen of output is displayed at a time. Press the Spacebar to display the next page of information, and press Enter to display the next line. Press the Q key to stop the output and return to the system prompt.
Use the show pager command to see if the pager option is on or off.
|
Note Changes for the default pager output are valid during the current login session. When you log out, the pager output resets to the default. |
Examples
Related Commands
To set the number of lines in the pager display output, use the pager lines command.
Syntax Description
Defaults
No default behavior or values.
Command Modes
Unprivileged, privileged, and configuration
Usage Guidelines
If the pager option is on, by default, one screen of output is displayed at a time. Use the pager lines command to change the number of lines that appear per screen.
Examples
Related Commands
To modify a Telnet login password, use the password command.
Syntax Description
|
Defaults
The default password is cisco.
Command Modes
Usage Guidelines
The password command sets a password for Telnet access. It should be changed from the default.
Examples
Related Commands
To send a ping request message, use the ping command.
Syntax Description
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The ping command determines whether LocalDirector has connectivity or whether a host is available on the network. The command output shows whether the response was received; that is, that the host exists on the network. If the host is not responding, ping displays this message:
Use the show interface command to ensure that LocalDirector is connected to the network and has connectivity.
Examples
In the following example, three attempts reached the specified address:
Related Commands
To turn on the ability to ping a virtual address, use the ping-allow command. Use the no ping-allow command to turn off the ability to ping a virtual address.
Syntax Description
Defaults
The default is to not allow a virtual address to be pinged.
Command Modes
Usage Guidelines
By default, virtual addresses cannot be pinged, which helps protect virtual addresses from an Internet Control Message Protocol (ICMP) echo flood.
Use the ping-allow command to enable a LocalDirector virtual address to respond to a ping request.
Examples
The following example allows a virtual address to be pinged from interface 0:
Related Commands
To choose the type of load balancing for each virtual server, use the predictor command.
Syntax Description
|
Defaults
The default load-balancing mode is leastconns with round-robin slowstart.
Command Modes
Usage Guidelines
Each virtual server can have a different predictor option. The show virtual command places an asterisk (*) next to the active predictor, indicating whether the virtual server is using the selected predictor value, or is in slowstart mode.
The slowstart option is available for the leastconns or weighted arguments. When slowstart is enabled, LocalDirector rotates through the servers until the number of connections reaches a predetermined level, which avoids overloading a server with too many requests when it is brought in service. The slowstart option is enabled by default.
The fastest keyword directs the network connection to the server with the fastest response rate, although it does not perform consistently in varying server configurations. Web server performance, in particular, does not follow a linear progression of response time to number of connections. Web servers seem to respond flatly up to a point, and then at a certain load there is a sharp, dramatic increase in the response time. In these situations, the fastest keyword will tend to overload a particular server before moving on to another.
The roundrobin keyword directs the network connection to the next server, and treats all servers as equals, regardless of the number of connections or response time. Although the LocalDirector round-robin predictor appears similar to a DNS round-robin, it is superior because no propagation delay or caching hinders the algorithm. Also, LocalDirector can determine when a server is not responding, and avoid sending connections to that server.
The leastconns keyword directs network connections to the server with the fewest connections. Although it may not be intuitively obvious that the leastconns predictor would provide effective load balancing, in fact it is quite successful. At Web sites where there is a collection of servers with similar performance, the leastconns predictor is effective in smoothing distribution when a server becomes bogged down. In sites where there are large differences in the capacity of various servers, the leastconns predictor is also very effective. In maintaining the same number of connections to all servers, those servers that are capable of processing (and thus terminating) connections the fastest will receive more connections over time. A server deemed to be twice as powerful as another server receives about twice as many connections per second.
Use the loaded keyword to give each server a weighted number of connections in a row (round-robin style) before proceeding to the next server on the list. For example:
Server 1 will receive two connections, then Server 2 will receive four connections, and then Server 3 will receive one 1 connection, and so on.
The weighted keyword allows you to assign a performance weight to each server. Weighted load balancing is similar to the function of the leastconns keyword, but servers with a higher weight value receive a larger percentage of connections at any one time. LocalDirector administrators can assign a weight to each real server, and LocalDirector uses this weight to determine the percentage of the current number of connections to give each server. The default weight is 1.
For example, in a configuration with five servers, the percentage of connections is calculated as follows:
This distribution results in server1 getting 7/24 of the current number of connections, server2 getting 8/24, server3 getting 2/24, and so on. If a new server, server6, is added with a weight of 10, it will get 10/34, and so on.
The weighted predictor gives new connections to the real server that is in most need of a connection, based on how many connections the virtual server and real machines bound to it have at that moment.
Virtual server 1.1.1.1 has 50 connections and is bound to real servers 1.1.1.2, 1.1.1.3, and 1.1.1.4.
real server 1.1.1.2 has 20 connections with a weight of 3
real server 1.1.1.3 has 10 connections with a weight of 2
real server 1.1.1.4 has 15 connections with a weight of 4
Based on weights, the load should be distributed as follows:
real server 1.1.1.2 gets 3/9 of connections, which is 33%
real server 1.1.1.3 gets 2/9 of connections, which is 22%
real server 1.1.1.4 gets 4/9 of connections, which is 44%
The actual percentage of connections to the real servers is as follows:
real server 1.1.1.2 has 20/50 connections, or 40%
real server 1.1.1.3 has 10/50 connections, or 20%
real server 1.1.1.4 has 15/50 connections, or 30%
Thus, real server 1.1.1.4 will receive connections to bring it closer to having 44% of the connections at the time.
|
Note The weight command is used to set the weight values for the real servers, and the predictor command is used to set load balancing to the weighted option. |
Examples
Related Commands
To define a real server, use the real command. Use the no real command to remove a real server from LocalDirector.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
Real servers are actual host machines with unique IP addresses that provide IP services to the network. Real servers can still be accessed using their actual IP address.
Use the show real command to check the service state of real servers. Possible service states are:
Examples
Although a space can be used as a delimiter for port-bound servers, a colon is preferred. Note that the port is 0 by default, and the is (in service) command is used to put the port 80 server in service when it is defined.
The show real command provides the information shown in Table 5-4.
Table 5-4 show real Field Descriptions
|
Related Commands
To set the number of retries to a real server before the connection is reassigned to another server, use the reassign command.
Syntax Description
|
Defaults
Command Modes
Usage Guidelines
LocalDirector counts the number of TCP SYN packets per connection. When the number of allowable retries is exceeded, LocalDirector reassigns the next TCP SYN packet for the connection to another real server.
|
Note If a real server returns a TCP RST, LocalDirector reassigns the connection to another real server on the next TCP SYN from the client. |
When a virtual_id is specified, all real servers represented by that virtual server are affected by
this command.
Examples
Related Commands
To set the type of load-balancing redirection for the virtual server, use the redirection command.
Syntax Description
|
Defaults
By default, LocalDirector uses directed mode. If used, the casa igmp default is 224.0.1.2, the casa wildcard-ttl default is 1 minute, and the casa fixed-ttl default is 1 minute.
Command Modes
Usage Guidelines
The redirection command allows you to change the way packets pass through LocalDirector.
Directed mode uses NAT to translate the IP headers in packets. NAT, supported in LocalDirector since Version 1.0, provides quick setup with no network address changes, reducing system administration time.
Using NAT may not always be the best solution, however. Some protocols embed the IP address within the payload, causing a problem when a packet is encrypted. Additionally, searching though an entire payload for an IP address is processor-intensive and time-consuming. In these cases, performance can be increased using dispatched mode.
Dispatched mode increases traffic throughput, but requires an additional setup of assigning an alias IP address on a real server that matches the virtual IP address on LocalDirector. Dispatched mode should be used for UDP and TCP when the IP address information needs to remain unchanged.
|
Note Traffic containing data packets is transparently passed by LocalDirector with the ASLB feature, and no DataIn counters are incremented. The data command is used to limit the number of connections to a real server that is not sending data packets. LocalDirector can fail a real server based on DataIn counters. You cannot use the data command to fail real servers that are not sending data packets with an ASLB configuration. |
The following casa options are not functional unless LocalDirector is part of the CASA environment:
Use the casa igmp keyword to set the multicast group address for the CASA components on LocalDirector. Messages between the Service Manager and Forwarding Agent are sent using multicast to the members of this group. By default, the IGMP group address is 224.0.1.2. Use the no form of this command to remove a component from the group.
Use the casa wildcard-ttl keyword to set the Time To Live value for the wildcard affinity connection objects on the Forwarding Agents. The Service Manager is responsible for ensuring the wildcard affinities are refreshed before they time out. The default value is 1 minute.
Use the casa fixed-ttl keyword to set the Time To Live value for the fixed affinity connection objects. The fixed-affinity connection objects default Time To Live value is 1 minute.
|
Note To remove a redirection configuration, use the redirection virtual_id directed command. |
Examples
This example configures CASA mode for selected virtual servers.
In this example, the redirection command with the dispatch assisted option enables ASLB for the virtual server.
Related Commands
To reboot and reload the configuration, use the reload command.
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The reload command reboots LocalDirector and reloads the configuration from Flash memory.
Before starting, you are prompted for confirmation with this message:
Examples
To enable stateful failover, use the replicate command. Use the no replicate command to disable stateful failover on a virtual server.
Syntax Description
|
Defaults
The default interface number is 0.
Defaults
Usage Guidelines
Connection replication is a property of the virtual server, and it is set and cleared with the replicate command. With this command, all established connections are replicated to the standby unit. In the event of a LocalDirector failure (with failover configured), the standby unit has information for current connections, and keeps connections to the virtual server alive.
Replication can be set on a per virtual server basis, which means you can turn it on for 3270 traffic and leave it off for HTTP traffic. We do not recommend that LocalDirector maintain state for short-lived connections.
|
Note Proxy connections are not replicated, including those using the SSL option of the sticky command. |
Use the replicate interface command to dedicate an interface to stateful failover.
Examples
Related Commands
To take a server out of service, and then bring it back in service, use the restart command.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Privileged, configuration and replication
Usage Guidelines
The restart command takes a server out of service and puts it back in service with one command.
|
Caution All connections to virtual servers or real servers are cleared during a system restart. |
Examples
To specify the number of minutes before a failed server is sent a live connection to check its state, use the retry command.
Syntax Description
|
Defaults
The default retry interval is 1 minute.
Command Modes
Usage Guidelines
The retry command sets the number of minutes before a failed real server is assigned another connection. If the retry is set to zero (0), the failed server is not retried until the server is brought back into service with the in-service command or if the autounfail command is set.
When a virtual_id is specified, all real servers represented by that virtual server are affected by this command.
|
Note If the retry value for a real server is left at the default setting of 1 minute, the value does not appear with the write terminal or show configuration command. It does appear with the show retry command. |
Examples
Related Commands
To enable IP routing table updates from Routing Information Protocol (RIP) broadcasts that are received, use the rip passive command. To disable routing table updates, use the no rip passive command.
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
If you have RIP on your network, enter the rip passive command. If you are not using RIP on your network, you must assign a static route with the route command. LocalDirector does not broadcast RIP; it only listens to RIP.
See Table 5-5 to determine which software versions for LocalDirector can support the two RIP versions.
Table 5-5 LocalDirector Software Versions and RIP Versions
|
Examples
Related Commands
To enable IP routing table updates from Routing Information Protocol (RIP) broadcasts that are received, use the rip version command.
Syntax Description
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
See Table 5-6 to determine which software versions for LocalDirector can support the two RIP versions.
Table 5-6 LocalDirector Software Versions and RIP Versions
|
Examples
Related Commands
To add a static route to the IP routing table, use the route command. Use the no route command to clear the route.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
If you want to change an existing route, you must first use the no route command to clear the route, and then specify the new route with the route command. Defining a new IP route with the route command does not overwrite a route that is already established.
Examples
Related Commands
To turn bridging off per interface, use the secure command. Use the no secure command to turn bridging on per interface.
Syntax Description
Defaults
Command Modes
Usage Guidelines
The secure command blocks bridged traffic bound for a specific interface in LocalDirector without affecting traffic that is load balanced through a virtual server. Only traffic being serviced by a virtual server traverses the interface, and no traffic is bridged to or from the interface.
|
Note Never set the default gateway IP address for a real server to that of LocalDirector. |
Examples
Related Commands
To set the type of service enhancements provided by the virtual server, use the service command. Use the no service command to disable the service.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
Version 3.1.3 and earlier releases of LocalDirector supported load-balancing FTP service in a way that worked, but was not foolproof. Because an FTP session consists of a control and a data connection, LocalDirector must monitor the control connection to discover which data connections will be created so it can attach those data connections to the same server handling the control connection. This default support for FTP monitors the control connection on a packet-by-packet basis, and it does not work if the packets are out of order or if a control command spans packets.
The service virtual_id ftp-proxy command specifies that the virtual server specified by virtual_id provides FTP service. LocalDirector monitors the control connection (by acting as a proxy server); therefore, this service is about 100 percent foolproof. The trade-off is that each FTP session now consumes more resources in LocalDirector.
|
Note This command is not compatible with the Cisco Appliance Server Architecture (CASA) environment. |
Examples
TCP connections going to port 21 of 10.10.10.202 are received by LocalDirector (acting as a proxy server) and monitored for FTP commands that create data connections:
TCP connections going to port 1066 of 10.10.10.204 are received by LocalDirector (acting as a proxy server) and monitored for FTP commands that create data connections:
Related Commands
To view LocalDirector information, use the show command.
Syntax Description
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The show command with a LocalDirector command as an argument displays the value assigned by that command. For example, show real displays all of the real servers defined in the configuration.
Any settings left at their default values do not appear with the write terminal command. Use the show command and the command associated with the setting to view the default value in the configuration (for example, show retry). The only exception is the show configuration command, which displays the configuration stored in Flash memory, and therefore does not include default values either.
The pager command is used to control the display of show command output.
Examples
An example of the output from the show ? command follows. The show ? command displays the names of the arguments that can be used with show.
Related Commands
show pager lines
To show system buffer utilization, use the show blocks command.
Syntax Description
This command has no keywords or arguments.
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
A block (buffer) is the resource used to store packets from the network.
Examples
A description of the show blocks command output is provided in Table 5-7.
Table 5-7 show blocks Command Output
|
|
Note When LOW is 0, it means that LocalDirector has run out of that size block at some time since reboot. Use the number of No Buffer packets from the show interface command output to see the number of packets dropped. |
To show the details of the LocalDirector resources (connection objects) in memory, use the show connections command.
Syntax Description
This command has no keywords or arguments.
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The show connections command displays a variety of physical memory objects by their type, the number of objects currently being used, and the maximum number of objects used. The display also includes the total number of connections allocated (Total Allocated) and the maximum number of connections that could be allocated at boot time (Total Allocatable).
Examples
Total Allocated = 40960 Total Allocatable = 144898
To show LocalDirector failover status, cable status, primary and secondary host status, and interface descriptions, use the show failover command. The abbreviated form of the command is sh fail.
Syntax Description
This command has no keywords or arguments.
Defaults
No default behavior or values.
Command Modes
Usage Guidelines s
The show failover command displays the state of failover (on or off), different information about the status of the failover cable, descriptions about this LocalDirector operational state, its active time, all interface IP addresses and their status, descriptions about the other LocalDirector operational state, its active time, and all interface IP addresses and their status.
Examples
See Table 5-8 for descriptions of the fields in the show failover command.
Table 5-8 show failover Command Descriptions
|
To show the details of the hardware version of LocalDirector, use the show hardware command.
Syntax Description
This command has no keywords or arguments.
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The show hardware command displays hardware details that can be used by the Technical Assistance Center for network management, troubleshooting, and administration purposes.
Examples
To show LocalDirector virtual servers, the number of active connections for each virtual server, and the current number of open TCP connection handshakes, use the show syn command.
Syntax Description
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The show syn command displays the virtual server addresses, the total number of active connections (Conns), and the current number of open TCP connection handshakes (Syn Count). The Syn Count is decremented by LocalDirector after a connection handshake has been completed. The Syn Count can be used to estimate the number of unanswered SYNs for virtual IP addresses. The synguard command can provide limited protection to the virtual IP address against SYN attacks.
Examples
Related Commands
To disable an interface, use the shutdown command. To enable an interface, use the no shutdown command.
Syntax Description
Syntax Description Syntax Description
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
Use the shutdown command to disable access to a network interface. It is important to shut down an interface if failover is configured, because failover sees the unused interface as failed if it is not turned off.
Examples
To enable an interface and configure its speed, use the following commands:
To disable this same interface, use the following commands:
Use the write memory command to save configurations to Flash memory.
Related Commands Related Commands
To configure the LocalDirector SNMP agent, use the snmp-server command. Use the no snmp-server command to reconfigure the LocalDirector SNMP agent.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The snmp-server contact, snmp-server host, snmp-server location, and snmp-server community commands configure the SNMP agent on LocalDirector. LocalDirector converts the contact and location information to lowercase.
|
Note LocalDirector does not allow SNMP management stations to poll or send SNMP traps until you configure the snmp-server host command. |
The snmp-server enable traps command can be used to enable SNMP traps if traps were turned off with the no snmp-server enable traps command. By default, SNMP traps are enabled. Follow this procedure to configure SNMP:
Step 2 Designate up to 64 SNMP management stations that are allowed to access LocalDirector, and that can receive SNMP traps using the snmp-server host command.
|
Note The new version of MIBs (use the posted date to determine the most recent version) must be installed for LocalDirector Version 3.1 and later. |
All of the HP OpenView (HPOV) commands are in the /opt/OV/bin directory. When using HPOV, you must use a name for LocalDirector, and the name must be listed in the /etc/hosts file. The LocalDirector MIB depends on the following MIBs:
|
Note If you do not load the MIBs, then you need to use the raw object identifiers (OIDs); however, if you load the MIBs first, you can use MIB names. |
Follow this procedure to load the MIB files using the CiscoWorks for Windows program (Castle Rock SNMPc):
|
Note All of the required Cisco MIB files end with the .my extension. SNMPc expects
MIB files to end with the .mib extension. You can either rename the files locally,
or specifically search for the .my extension when prompted for file locations. If you do neither, the downloaded files will not appear in the "Load MIBs..." dialog box file list. Also, SNMPc only displays the DOS "8.3" format, so you must either recognize the files by their truncated names, or rename the files to your liking using no more than eight characters for the name, and three for the extension. |
Step 2 Start SNMPc, and choose the Compile Mib option in the Config menu.
The Load MIBs... dialog box appears.
Step 3 Scroll to the bottom of the list.
Step 4 Choose the last item in the list.
Step 5 Add the file CISCO-SMI.my (or whatever you changed the name to).
Step 6 Choose the last item in the list (which should now be CISCO-SMI.my).
Step 7 Add the file CISCO-TC.my (or whatever you changed the name to).
Step 8 Choose the last item in the list (which should now be CISCO-TC.my).
Step 9 Add the other three files.
Step 10 Click Load All and then click OK.
The MIBs are compiled and when completed, the MIB files are loaded.
Examples
Related Commands
To translate a real server IP address to that of a virtual server, use the static command.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
Use the static command to translate a real server address to a virtual server address. This translation allows the real server to make outbound connections, but keeps the IP address hidden outside the LocalDirector network (the virtual_id is used as the source address).
For outbound connections that the real server makes (not in response to a user accessing the virtual server), the IP address is translated to the virtual IP address identified by the static command. The outbound connection count is displayed with the show static command.
If the real_ip exists as a real server, then the outbound connection is counted toward the number of connections for that real server (that is, it will affect load balancing); otherwise, the connection is only translated and does not affect load balancing.
Examples
Related Commands
To set the number of inactivity minutes between connections before the client is sent to another server, use the sticky command. To disable the sticky feature, use the no sticky command.
Syntax Description
|
|
Note LocalDirector stores a maximum of 128 characters for the name from the HTTP set-cookie: NAME = VALUE. The name value must be unique within the range of 128 characters for proper load balancing to occur. If the values are unique after 128 characters, proper load balancing cannot occur because LocalDirector ignores data after 128 characters. |
|
Note If two servers have the same cookie name and value, the client sessions do not stick with one particular server. |
Defaults
The default sticky interval is 0 minutes (sticky is off).
Command Modes
Usage Guidelines
To delete sticky associations on the specified virtual server or real server, use the clear sticky command. To show the sticky associations on the specified virtual server or real server, use the show sticky command.
|
Note The ssl option is not compatible with the CASA environment. The buddy command cannot be used to group a virtual server using the sticky command ssl option with a virtual server using the sticky command generic option. If an SSL sticky server returns a TCP RST, LocalDirector reassigns the connection to another real server immediately. |
The sticky command ensures that the same client gets the same server for multiple connections. The connection is based on IP address for generic or sticky session ID for ssl. The sticky command is used when applications require a consistent and constant connection to the same server. If you are connecting to a system that keeps state tables about your connection, sticky allows you to get back to the same real server again and retain the statefulness of the system. For example, if an online form is being completed by a client, the sticky command ensures that multiple connections are sent to the same server to complete the transaction.
The sticky command is not timing how long a client is connected; it is timing periods of inactivity. If the minutes parameter of the sticky command is set to 5, and the client is active, new requests from the client are not sent to another server through load balancing, even if 5 minutes have elapsed. However, if 5 minutes of connection inactivity elapse, the requests from the client could be sent to another real server.
If the maximum number of connections (established with the maxconns command) will be exceeded by a new connection, a new host is chosen and sticky information is updated to reflect the new host. Then all future connections (within the sticky number of minutes) go to the new host.
Use the show sticky or show virtual commands to display the sticky command minutes value. Use the no sticky command to return to the default value of 0.
Use the clear sticky command to delete sticky associations on the specified virtual server that match the minutes parameter; if the minutes parameter is set to 0, then delete all associations.
The sticky command can also be used in conjunction with the buddy command to establish a sticky relationship between two virtual servers. The buddy command cannot be used to establish a sticky relationship with a virtual server running SSL and a virtual server configured with the generic option. The buddy command can be used only with virtual servers configured with the generic option.
|
Note The sticky command with the generic keyword only monitors the source and destination IP address. If a proxy server is used to launch connections (all source IP addresses are the same), then use the sticky command with the ssl keyword. The first example that follows shows the sticky command used to set up proxy requests. |
|
Note If the replicate command has been applied to a virtual server that is using the cookie-insert or cookie-passive options, you must supply cookie information for replicated connections. This information includes the connection information for the client, virtual server and real server, the TCP sequence and acknowledgment number differences, and the cookie generated by the real server (cookie-passive relationships only). |
Examples
In the following example, the virtual command is used to identify 192.168.1.1:443 as a virtual server accepting traffic on port 443 (SSL), and 192.168.1.1:80 as a virtual server accepting HTTP traffic. The sticky command is used to ensure that SSL requests from the same client will be sent to port 443 on real server 192.168.1.1:443 until 10 minutes of inactivity have elapsed:
|
Note You must set the sticky minutes parameter to match the timeout value of the server. |
In the following example, the virtual command is used to identify 192.168.1.1:444 as a virtual server accepting traffic on port 444 and 192.168.1.1:445 as a virtual server accepting traffic on port 445. The sticky command is used to ensure that requests from one client are sent to port 444 for 100 minutes and requests from another client are sent to port 445 for 1000 minutes.
|
Note The cookie-insert feature adds the minutes value to the LocalDirector clock time (set by the clock set command) to calculate the date in the future when the association expires. |
Related Commands
To activate synguard mode, use the synguard command. To deactivate synguard mode, use the no synguard command.
Syntax Description
|
Defaults
Command Modes
Usage Guidelines
The synguard command provides limited protection against SYN attacks on the virtual IP address. Once the number of unanswered SYNs set with the synguard command is reached, LocalDirector starts to protect the real network and servers from a SYN attack. A syslog message is sent when LocalDirector enters synguard mode.
|
Note LocalDirector does not leave synguard mode automatically. Either reset the synguard value to 0, or raise the value. |
To use the synguard command effectively, monitor your Web site to gather statistics about the highest number of SYN counts (using the show syn command). Then, set the synguard level to a percentage (perhaps 10 to 15 percent, or whatever is appropriate for the site) above that number.
The show synguard command displays the number of inbound TCP SYN packets from the client for which the chosen server has not responded with a SYN ACK. Once the server responds, this counter is decremented.
Examples
Related Commands
To log messages to the syslog server, use the syslog command. Use the no syslog command to stop the messages.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
Use the syslog host command to specify the system that is to receive syslog messages. Messages are sent to the syslog host over UDP. You can use the show syslog command to view previously sent messages.
The syslog console command is not stored in the LocalDirector configuration and is valid only for the current session. After you log out, the syslog console command is reset to the default because the console for a Telnet user may not be available when LocalDirector is rebooted, thus causing a problem. The syslog console command must be entered each time you want the syslog output to come to your console, whether it is the actual serial line console or a Telnet console.
Logging is enabled by configuring LocalDirector with the IP address of the log host.
Follow this procedure to configure syslog:
Step 2 Specify the type of syslog messages to accept with the syslog output command.
Step 3 Use the show syslog command to list the syslog hosts and output level.
Follow this procedure to configure a UNIX system to accept syslog messages:
Step 2 Log in to the UNIX system as root (superuser) and execute the following commands; change name to the log file where you want syslog messages to appear:
Step 3 While still logged in as root, edit the /etc/syslog.conf file with a UNIX editor and add the following selector and action pairs for each message type you want to capture:
In the syslog.conf file, configure each selector and action pair for the messages you want to receive. For example, if you want to receive messages in a file called localdirector for message priorities 0, 1, 2, and 3, and use the default LOCAL4 facility, the syslog.conf statements would be:
This configuration directs LocalDirector syslog messages to the specified file. Alternatively, if you want the message sent to the logging host console or sent as an email message to a system administrator, refer to the UNIX syslog.conf(4) manual page.
Entries in /etc/syslog.conf must obey these rules:
Inform the syslog server program on the UNIX system to reread the syslog.conf file by sending it a HUP (hang up) signal with the following commands:
The first command generates the syslog process ID (92 in this example). This number may vary by system. The second command sends syslog the HUP signal to restart.
Examples
The following example shows syslog error messages generated by a bridge loop:
Related Commands
Use the telnet command to add authorized IP addresses for Telnet access to LocalDirector. Use the no telnet command to remove Telnet access from an IP address.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The telnet command is used to identify who can configure LocalDirector through Telnet. Up to 16 hosts or networks are allowed access to the LocalDirector console, 4 simultaneously. The show telnet command displays the list of IP addresses authorized to access LocalDirector, and the clear telnet command removes Telnet access from an IP address. Use the who command to view IP addresses that are accessing LocalDirector. Use the password command to change the access password for Telnet.
Examples
Related Commands
To set the IP address of the TFTP server for storing secondary configuration information and software image files, use the tftp-server command. To remove a TFTP server, use the no tftp-server command.
Syntax Description
|
Defaults
The default port is 69. The default directory is /tftp/boot.
Command Modes
Usage Guidelines
The tftp-server command defines the IP address of a TFTP server. Secondary configuration information can be written to, and read from, a TFTP server with the write net and configure net commands. The secondary configuration contains information about virtual and real servers, server bindings, backup servers, and load balancing.
The commands associated with TFTP are as follows:
Examples
Related Commands
To configure the number of consecutive TCP connection reassignments that a real server can exhibit before LocalDirector marks the real server as failed, use the threshold command.
Syntax Description
|
Defaults
The default is eight connection reassignments.
Command Modes
Usage Guidelines
Usethe show real or show threshold commands to display real server threshold values. When the number of connection reassignments equals the threshold value, the server is failed by LocalDirector. Connection reassignments may be due to a TCP RST, or no answer from the real server.
Failed real servers are not used by virtual servers while in the failed state. However, LocalDirector periodically retests (as defined by the retry command) each failed server with a single TCP connection attempt to determine whether the server is restored. If restored, LocalDirector marks the server as in service, and starts to process virtual server requests. You can use the autounfail command to put a failed real server into testing mode when it is sending data for existing connections.
When a virtual_id is specified, all real servers represented by that virtual server are affected by this command.
Examples
Related Commands
To set the connection timeout for a real server, user the timeout command.
Syntax Description
|
Defaults
The default connection interval is 120 minutes.
Command Modes
Usage Guidelines
Idle connections time out after the number of minutes set with the timeout command for each real server. In addition, every 2 minutes LocalDirector removes any connection that has not been fully established (that is, either the client or the server did not complete the TCP handshaking sequence to establish the connection).
When a virtual_id value is specified, all real servers represented by that virtual server are affected by this command.
Use the timeout command for real servers running the connectionless UDP protocol. Because no mechanism exists within UDP to signal the end of a connection, set the duration of the UDP connection with the timeout idle_minutes setting. UDP connections can successfully use the timeout minimum, which is 5 minutes.
|
Note For servers running the UDP protocol, be sure to change the timeout default (120 minutes) to a shorter interval such as 5 minutes. |
|
Note The number of connection object resources in LocalDirector is limited (in the LocalDirector 430 there are approximately 1 million). If a UDP virtual server receives more than 6600 connections per second (cps) then the LocalDirector 430 can run out of resources in less than 5 minutes. It is possible to set the timeout to zero (0) minutes to prevent rapid loss of resources (connection objects). To ensure effective load balancing, use the predictor command with roundrobin type load balancing and use a timeout command set to 0. |
Examples
Related Commands
To create a virtual server to accept a connection from the network, use the virtual command. Use the no command to remove the virtual server from LocalDirector.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
The virtual command creates a virtual server to accept a connection from the network. Virtual servers present a single address for a group of real servers and load balance service requests between the real servers in a site. The virtual server IP address is published to the user community, but the real IP address can remain unpublished.
If you are using directed mode, and the published or "advertised" addresses are different from internal addresses, the IP address of LocalDirector must be on the network from which you want to access LocalDirector. That is, if your virtual servers are on network 172.16.0.x, and your real servers are on network 192.168.89.x, then the IP address of LocalDirector should be either 172.16.0.x (if accessing LocalDirector from outside) or 192.168.89.x (if accessing LocalDirector from inside). Here "accessing" means using Telnet, SNMP, or syslog to connect to LocalDirector. Virtual server addresses can be accessed only from the client side of LocalDirector.
If you are using dispatched mode, you can create an alias IP address on LocalDirector and keep it in a subnet different from the location of the real servers.
Specify the IP address of LocalDirector with the ip address command before defining virtual servers.
If no real servers are bound to the virtual server, use the no virtual command to remove the virtual server from LocalDirector.
Examples
The port and bind-id are optional when you define virtual servers. Although a space can be used as a delimiter for the port, a colon is preferred and must be used with the bind-id. Note that the port and bind-id are 0 by default.
In the following example, note the use of the name command. The name is used with the port and bind-id to identify the server (virtual_id).
To remove a virtual server, you must first remove any bind association to real servers. For example:
The show virtual command indicates the service state of virtual servers in addition to other information. Descriptions of the show virtual command output are provided in Table 5-9.
Table 5-9 show virtual Field Descriptions
|
|
1 IS = in service. The virtual server is accepting connections. 2 OOS = out of service. The out-of-service command was used to take the virtual server offline, and it is not accepting traffic for load balancing. Connections addressed to the virtual server are dropped. 3 The virtual server is unable to direct traffic to real servers. The real servers bound to the virtual server are either out of service or failed. 4 All real servers bound to the virtual server have reached the value set with the maxconns command. They are not accepting connections even though the servers are in service. |
Related Commands
To assign a relative value to the distribution of connections for a real server, use the weight command. Use the no weight command to remove a weight value from a real server.
Syntax Description
|
Defaults
The default number of connections is 1. The default time denomination is seconds (s).
Command Modes
Usage Guidelines
Servers with higher performance can support a higher number of connections. In the following example, the weights of all of the servers equals eight. Therefore, server 192.168.1.1 would receive 4/8 of the connections, or 50 percent. Server 192.168.1.2 would receive 25 percent of the connections, and servers 192.168.1.1 and 192.168.1.2 would each receive 12.5 percent of the connections. Faster servers receive more connections because they service the connection faster, regardless of the percentage of connections they are assigned at the time.
|
Note Weight values take effect only when the predictor command keyword for the virtual server to which the real server is bound is set to weighted or loaded. |
Examples
If the weight appears with an asterisk (*), it means the weight has been dynamically changed (for example, DFP agent on a server).
Related Commands Related Commands
To show active Telnet administration sessions, use the who command.
Syntax Description
Defaults
No default behavior or values.
Command Modes
Unprivileged, privileged, and configuration
Usage Guidelines
The who command shows the tty_id and IP address of each Telnet client currently logged in to LocalDirector. This command is the same as the show who command.
Examples
Related Commands
To show wildcards in use, use the show wildcard command.
Syntax Description
This command has no keywords or arguments.
Defaults
No default behavior or values.
Command Modes
Usage Guidelines s
Use this command to view the wildcards that are currently being used.
|
Note This command is used in the Cisco Appliance Server Architecture (CASA) environment; it should not be used unless LocalDirector is part of the CASA environment. |
Examples
To store the current configuration, use the write command.
Syntax Description
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
Use the write floppy command to save the current running configuration to floppy disk, and use the write memory command to save to Flash memory. You can save your configuration on the distribution diskette that shipped with your LocalDirector. Use configure memory or configure floppy to restore the
saved configuration.
Any settings left at the default value are not displayed with the write terminal command. Use the show command and the command associated with the setting to view the default value in the configuration (for example, show retry). The only exception is the show configuration command, which displays the configuration stored in Flash memory, and therefore will not include default values either.
Examples
To store the current LocalDirector configuration to a remote TFTP server, use the write net command. Use the tftp-server command first, or identify the name of the file and the IP address of the TFTP server.
|
Note The file must be created on the TFTP server before it can be saved with the write net command. The file must have write privileges enabled for all users. |
Syntax Description
|
|
Defaults
No default behavior or values.
Command Modes
Usage Guidelines
Use the write net command to save the current running LocalDirector configuration to a TFTP server. Use the configure net command to restore the saved configuration.
|
Note If you edit the configuration file on the TFTP server, do not use abbreviated commands in the TFTP configuration file (for example, the virtual command should not be abbreviated as virt). |
Related Commands
Posted: Fri Oct 17 10:27:09 PDT 2003
All contents are Copyright © 1992--2003 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.